package cn.com.shiro;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;

/**
 * 自定义认证表单过滤器   shiro.xml中的过滤链中的authc
 * @author Administrator
 *
 */
public class MyFormAuthenticationFilter extends FormAuthenticationFilter{


	@Override
	protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
			HttpServletRequest httpRequest=(HttpServletRequest)request;
			HttpSession session=httpRequest.getSession(true);
			//session中的验证码是key值是生成验证码的jsp中设置的
			String validateCode=(String) session.getAttribute("validateCode");
			System.out.println("验证码"+validateCode);
			//获取表单提交的验证码
			String yzm=httpRequest.getParameter("yzm");
			System.out.println("验证码2"+yzm);
			
			//当验证码没有生成时 validateCode和yzm值都为null
			if(yzm!=null && validateCode!=null && !yzm.equals(validateCode)){
				//设置request域中shiroLoginFailure的值为自定义  用于判别验证码错误
				httpRequest.setAttribute("shiroLoginFailure", "randomCodeError");
				return true;
			}
		return super.onAccessDenied(request, response);
	}
	
}
